Verint · Verint Workforce Optimization · CVE-2021-36450
**Name of the Vulnerable Software and Affected Versions**
Verint Workforce Optimization (WFO) version 15.2.8.10048
**Description**
The issue allows for cross-site scripting (XSS) attacks. This is possible due to the `NEWUINAV` parameter in the "control/my notifications" API endpoint.
**Recommendations**
For version 15.2.8.10048, avoid using the `NEWUINAV` parameter in the "control/my notifications" API endpoint until the issue is resolved.